Git SSL certificate problem: unable to get local issuer certificate

Drone Support
1

Hi all,
I have a problem running drone+gitlab in my local k8s cluster environment,
The UI show error message:

Initialized empty Git repository in /drone/src/.git/
+ git fetch origin +refs/heads/master:
fatal: unable to access 'https://gitlab.xxxxxx.com/aaaaaa/drone-ci-demo.git/': SSL certificate problem: unable to get local issuer certificate

and my drone in k8s cluster, show:

drone-job-3-4hje6fdtypem9vg28-c7vk2   0/1     Completed   0          24s     172.30.44.29    192.168.10.119   <none>           <none>
drone-secrets-57dcfd97b8-npnvc        1/1     Running     0          2d16h   172.30.99.248   192.168.10.142   <none>           <none>
drone-server-65d84f54dc-f2gxm         1/1     Running     0          2m8s    172.30.99.252   192.168.10.142   <none>

and kubeclt logs -f drone-job-3-4hje6fdtypem9vg28-c7vk2:

time="2019-09-02T05:27:32Z" level=debug msg="runner: get stage details from server" arch=amd64 machine=192.168.10.119 os=linux stage-id=3
2019/09/02 05:27:32 [DEBUG] POST http://drone-server-service/rpc/v1/details
2019/09/02 05:27:32 [DEBUG] POST http://drone-server-service/rpc/v1/netrc
time="2019-09-02T05:27:32Z" level=trace msg="registry: no registry credentials loaded"
time="2019-09-02T05:27:32Z" level=trace msg="registry: no registry credentials loaded"
2019/09/02 05:27:32 [DEBUG] POST http://drone-server-service/rpc/v1/beforeAll
time="2019-09-02T05:27:32Z" level=info msg="runner: start execution" arch=amd64 build=3 machine=192.168.10.119 os=linux pipeline=deploy repo=marvinpan/drone-ci-demo stage=1 stage-id=3
2019/09/02 05:27:32 [DEBUG] POST http://drone-server-service/rpc/v1/before
2019/09/02 05:27:34 [DEBUG] POST http://drone-server-service/rpc/v1/write
2019/09/02 05:27:34 [DEBUG] POST http://drone-server-service/rpc/v1/write
2019/09/02 05:27:34 [DEBUG] POST http://drone-server-service/rpc/v1/write
2019/09/02 05:27:34 [DEBUG] POST http://drone-server-service/rpc/v1/write
2019/09/02 05:27:34 [DEBUG] POST http://drone-server-service/rpc/v1/upload?id=5
2019/09/02 05:27:35 [DEBUG] POST http://drone-server-service/rpc/v1/after
time="2019-09-02T05:27:35Z" level=info msg="runner: execution failed" arch=amd64 build=3 error="clone : exit code 128" machine=192.168.10.119 os=linux pipeline=deploy repo=marvinpan/drone-ci-demo stage=1 stage-id=3
2019/09/02 05:27:35 [DEBUG] POST http://drone-server-service/rpc/v1/afterAll

and the ENV in my drone.yaml is:

- name: DRONE_KUBERNETES_ENABLED
  value: "true"
- name: DRONE_KUBERNETES_NAMESPACE
  value: drone

- name: DRONE_GITLAB_SERVER
  value: https://gitlab.xxxx.net
- name: DRONE_GITLAB_CLIENT_ID
  value: XXXX
- name: DRONE_GITLAB_CLIENT_SECRET
  value: XXXXX
- name: DRONE_GITLAB_SKIP_VERIFY
  value: "true"           

- name: DRONE_SERVER_HOST
  value: drone.xxxx.domain
- name: DRONE_SERVER_PROTO
  value: https
- name: DRONE_DATABASE_DRIVER
  value: sqlite3
- name: DRONE_DATABASE_DATASOURCE
  value: "/data/database.sqlite"
- name: DRONE_USER_CREATE
  value: username:root,admin:true
- name: DRONE_SECRET_SECRET
  value: XXXX
- name: DRONE_SECRET_ENDPOINT
  value: http://drone-secrets-service

- name: DRONE_RPC_SECRET
  value: XXXX
- name: DRONE_RPC_HOST
  value: drone-server-service
- name: DRONE_RPC_PROTO
  value: http
- name: DRONE_RPC_DEBUG
  value: "true"
- name: DRONE_LOGS_TRACE
  value: "true"
- name: DRONE_LOGS_DEBUG
  value: "true"
- name: DRONE_LOGS_COLOR
  value: "true"
- name: DRONE_LOGS_PRETTY
  value: "true"
- name: DRONE_LOGS_TEXT
  value: "true"
- name: DRONE_RUNNER_IMAGE
  value: drone/controller:1.3.1-linux-amd64
- name: DRONE_DATADOG_ENABLED
  value: "false"
- name: DRONE_GITLAB_DEBUG
  value: "true"
- name: DRONE_REGISTRY_SKIP_VERIFY
  value: "true"
- name: DRONE_GIT_ALWAYS_AUTH
  value: "false"

Anything wrong with me for drone config of k8s? Can you help me?

2

If you use a self signed certificate for your GitLab instance you need to add this certificate to the cert store of the runner.

3

DRONE_GITLAB_SKIP_VERIFY=true don’t work?